﻿Imports System.Data.OleDb
Public Class editProfile
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load

        'Use this to stop the page going back to the previous state of the edit, i.e. before the button was clicked
        If Not IsPostBack Then

            'Create database connection (can view connection string name form web.config)
            Dim oleDbConn As New OleDb.OleDbConnection(ConfigurationManager.ConnectionStrings("hotelsConnectionString").ConnectionString)

            'Create the sql string that will be used to add records to a database Syntax - "Insert into tablename(list of fields sperated by commas) values (list of values (aliases))"
            Dim SqlString As String = "SELECT * FROM profile WHERE TravellerName=@f1"

            'Protect against sql injection attacks such as mass deletion or destruction of database
            Dim cmd As OleDbCommand = New OleDbCommand(SqlString, oleDbConn)
            cmd.CommandType = CommandType.Text
            cmd.Parameters.AddWithValue("@f1", User.Identity.Name)

            'Open the database connection
            oleDbConn.Open()

            'Read data from the database i.e. dataReader
            Dim dr As OleDbDataReader = cmd.ExecuteReader()

            'Check if there are records
            If dr.HasRows Then

                'Bring back the first record (in this case there will be only one because the TravellerName is a unique property
                dr.Read()

                'Fill the textboxes with the profile table content, using IsDBNull just in case the fields are empty and the code does not like the null value
                If Not IsDBNull(dr("FirstName")) Then tb_firstName.Text = dr("FirstName")
                If Not IsDBNull(dr("LastName")) Then tb_lastName.Text = dr("LastName")
                If Not IsDBNull(dr("Description")) Then tb_profileDescription.Text = dr("Description")



            End If
        End If

    End Sub

    Protected Sub btn_saveProfile_Click(ByVal sender As Object, ByVal e As EventArgs) Handles btn_saveProfile.Click
        Dim newFileName As String = ""
        Dim SqlString As String
        'Check to see if the picture file has been added for upload
        If fu_profilePicture.HasFile Then

            'Stop it creating a load of zeroes a generate an actual GUID
            Dim myGUID = Guid.NewGuid
            'Turn this GUID into a string and add the jpeg file extension to make a unique file name (but what if it was a .gif or .tiff etc?)
            newFileName = myGUID.ToString() + ".jpg"

            'Find the pictures folder and save the image there using its randomnly generated filename
            Dim picLocationOnServerHardDisk = Request.MapPath("pictures") & "/" & newFileName
            fu_profilePicture.SaveAs(picLocationOnServerHardDisk)

        End If

        'Create database connection (can view connection string name form web.config)
        Dim oleDbConn As New OleDb.OleDbConnection(ConfigurationManager.ConnectionStrings("hotelsConnectionString").ConnectionString)

        'If a picture has been uploaded then include it in the sql string
        If fu_profilePicture.HasFile Then

            'Update the recorded INCLUDING the picture
            SqlString = "UPDATE profile SET FirstName=@f1,LastName=@f2,Description=@f3,Picture=@f4 WHERE TravellerName=@f5"
        Else
            'If a picture has not been uploaded EXCLUDE it from the sql string when the record is updated
            SqlString = "UPDATE profile SET FirstName=@f1,LastName=@f2,Description=@f3 WHERE TravellerName=@f5"
        End If

        'Protect against sql injection attacks such as mass deletion or destruction of database
        Dim cmd As OleDbCommand = New OleDbCommand(SqlString, oleDbConn)
        cmd.CommandType = CommandType.Text
        cmd.Parameters.AddWithValue("@f1", tb_firstName.Text)
        cmd.Parameters.AddWithValue("@f2", tb_lastName.Text)
        cmd.Parameters.AddWithValue("@f3", tb_profileDescription.Text)

        'Make this one a file upload file going to the 'Pictures/' folder using its GUID file name
        If fu_profilePicture.HasFile Then cmd.Parameters.AddWithValue("@f4", "pictures/" & newFileName)
        cmd.Parameters.AddWithValue("@f5", User.Identity.Name)

        'Open the database connection
        oleDbConn.Open()

        'Execute to change the row in profile table
        cmd.ExecuteNonQuery()


        'Close the command objects to help the next page update
        cmd.Dispose()
        oleDbConn.Close()
        oleDbConn.Dispose()

        'Redirect the user to their profile page
        Response.Redirect("profile.aspx?TravellerName=" & User.Identity.Name)
    End Sub
End Class